README

Framework-agnostic PHP package for Sendity inbound email verification.

sendity/email-channel accepts raw RFC822/MIME messages from an SMTP transport, verifies DKIM sender-domain alignment with dachs/mail-auth, parses message content with an established MIME parser, extracts Sendity authentication codes through the sendity/core AuthCodeServiceInterface contract, and returns a normalized email-channel result.

Boundaries

This package intentionally contains no Laravel/server glue and no persistence/session matching. sendity/laravel-server is responsible for wiring this package into the application, mapping the normalized result into server-side verification flows, and handling storage/events/jobs.

Dependencies on sendity/core are limited to contracts/interfaces. The package does not depend on Sendity server internals.

Basic usage

use Dachs\MailAuth\DkimVerifier;
use Sendity\Core\Contract\AuthCodeServiceInterface;
use Sendity\EmailChannel\EmailChannel;
use Sendity\EmailChannel\SmtpEnvelopeContext;

/** @var AuthCodeServiceInterface $authCodeService */
$channel = new EmailChannel(
    authCodeService: $authCodeService,
    dkimVerifier: new DkimVerifier(),
);

$result = $channel->processRawMessage(
    rawMessage: $rawRfc822Message,
    context: new SmtpEnvelopeContext(
        recipient: 'login@sendity.io',
        mailFrom: $smtpMailFrom,
        remoteAddress: $smtpRemoteAddress,
    ),
);

if ($result->status === \Sendity\EmailChannel\EmailProcessingStatus::Verified) {
    // Hand off $result->sender, $result->codes and $result->identityData to the server glue.
}

Verification policy

A verified result requires:

• raw message size within EmailChannelOptions::$maxMessageBytes
• DKIM verification pass via dachs/mail-auth
• DKIM signing domain aligned with the visible From domain
• parseable MIME content
• visible sender email address
• at least one extractable Sendity code

DMARC is intentionally not enforced here; this matches the current Sendity email-inbound MVP contract.